Lucene search
K

8700 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 2:28 p.m.9 views

CVE-2026-44358 Espressif Shared GitHub DangerJS: Untrusted Search Path in DangerJS Action Entrypoint

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6AI score0.00181EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/28 2:24 p.m.11 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.12 views

PT-2026-44387

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6AI score0.00181EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 9:16 a.m.23 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:25 a.m.15 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 8:25 a.m.39 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 8:25 a.m.16 views

EUVD-2023-60578

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:25 a.m.27 views

CVE-2023-52945

CVE-2023-52945 describes an "Uncontrolled search path element" vulnerability in the OpenSSL DLL component of Synology BeeDrive for desktop, affecting versions prior to 1.3.2-13814. The issue enables local users to trigger arbitrary code execution via unspecified vectors, with a local attack poten...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/27 7:17 a.m.30 views

CVE-2025-41670 Untrusted Search Path

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS0.0019EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:17 a.m.15 views

CVE-2025-41670

Technical details about CVE-2025-41670 are not publicly available in the provided documents. Monitor for updates from official advisories; no affected products, vulnerable components, or remediation are specified here.

8.7CVSS5.8AI score0.0019EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:17 a.m.8 views

CVE-2025-41670 Untrusted Search Path

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS5.8AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Synology BeeDrive 代码问题漏洞

Synology BeeDrive is a backup and synchronization device developed by Synology Inc. Versions of Synology BeeDrive prior to 1.3.2-13814 contained a code vulnerability. This vulnerability stemmed from an uncontrolled search path element within the OpenSSL DLL component, which could allow local user...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/26 6:40 p.m.7 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path via the DirPage process. An attacker can execute arbitrary code with the privileges of the server process by placing a handler.lua file in any parent directory above the configured server root and making an HTTP...

9.2CVSS6.2AI score0.00437EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/23 1:43 a.m.22 views

SUSE CVE-2015-2667

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory...

7.2CVSS5.8AI score0.00776EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/05/21 2:42 a.m.16 views

SUSE CVE-2025-14575

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...

1.8CVSS5.8AI score0.0009EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Mariadb 10.3

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server up to 2021-03-03; and the wsrep patch up to 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUP...

9CVSS8.7AI score0.38179EPSS
Exploits9References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflows Since “devsearchpath” can technically be as large as PATHMAX, there was a risk of truncation when copying it and a second string into “fullpath”—since “fullpath” is also sized a...

5.3CVSS6AI score0.00738EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 7:46 p.m.7 views

Untrusted Search Path

Overview @turbo/workspaces is a Tools for working with package managers Affected versions of this package are vulnerable to Untrusted Search Path in the package manager detection. An attacker can execute arbitrary code by placing a malicious .yarnrc.yml file with a controlled yarnPath in a...

9.8CVSS6.2AI score0.00386EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 7:46 p.m.9 views

Untrusted Search Path

Overview @turbo/codemod is a Provides Codemod transformations to help upgrade your Turborepo codebase when a feature is deprecated. Affected versions of this package are vulnerable to Untrusted Search Path in the package manager detection. An attacker can execute arbitrary code by placing a...

9.8CVSS6.2AI score0.00386EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/19 2:16 p.m.10 views

CVE-2025-14575

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...

1.8CVSS5.8AI score0.0009EPSS
Exploits0References2
Rows per page
Query Builder